Download - Byzantine Broadcast with Dishonest Majority
Byzantine Broadcast with Dishonest Majority
Ezra Gordon under Jun Wan
PROBLEM
Byzantine Broadcast Background→IDEALByzantine Generals are trying to agree on whether to go forward or retreat
They need a way to reach consensus
GO
Byzantine Generals are trying to agree on whether to go forward or retreat
They need a way to reach consensus, but Generals may be spies or corrupted
Byzantine Broadcast Background→FLAWED
GO?
Byzantine Broadcast Background→COMPLICATEDWhat is a “leader”? → Random, origin of message
They need a way to reach consensus, but Generals may be spies or corrupted
11 Honest7 Corrupt
Byzantine Broadcast Background→COMPLICATED
11 Honest6 Corrupt11 Corrupt6 Honest
Agreement from:[# Corrupt Users] + 1
Agreement from:[All users]
Majority is meaningless
Formal Problem Statement:Given...
1. Honest users all commit on a message m if the leader is honest (termination)
2. Honest users never commit on m’≠m, if a different honest user has already committed to m (consistency)
Given...
1. Honest users all output a message if the leader is honest (termination)
2. Honest users never output different messages (consistency)
SOLUTION
Users record who thinks who is corrupted
Honest users stay connected
Trust graphs are distinct
Key Concept: Trust Graphs
4 Honest 1 Corrupt Kanye
Kim
● Gives a way to remove/ignore corrupt users:○ Within x rounds of communicating, users always receive messages from other users that are
distance x away on their trust graphs
Therefore...
○ Proving limitations of the trust graphs proves upper bounds for communication requirements
What’s the Point of Keeping Trust Graphs?
But I’m your friend!
Trust graph diameter upper bound (d)=
How each part of our protocol operates:
Gossip(sender, message, rounds)
Key Concept: The Gossip Function
KimGO!!
GO
!!
GO!!
GO
!!
GO
!!
GO!!
GO!!
GO
!!
ex:
Gossip(Kim, “GO!!”, 2)
Intuition of Solution● Three Step protocol:
1. The leader broadcasts a message, users then RELAY messages sent by
the leader
2. Users “VOTE” on what to do (whether the message is “legit”)
3. Users decide/share their choice to COMMIT
● Most users are corrupt, so the steps become more drawn out
Gossip(Leader, messageLeader, d)
Why:
So every user has something to vote on
So users know if the leader “equivocated”
Relay StepTuesday
Vote Step
Gossip(Every user i, Vi, d)
and... when i receives Vj: Gossip(i, confirm-Vj, d)
Why:
So every user knows what everyone plans to do
So every user has a record of other users receiving votes
KimKim
Kanye
VK
“Kanye has VK”
Commit Step
Gossip(Every user i, “commit”, d)
if...
Why:
So users receive confirmation .... that they should “terminate”
Khloe
Users are carefully instructed such that an honest/flawless leader cannot be undermined:
- Malicious users cannot impersonate or frame the leader
- Protocol dictates that malicious users must act honest or be removed
Termination
“Phase” PA:
“Phase” PB after PA:
Same round consistency → Voting detects issues
Different round consistency → More complicated
Consistency - Why “vote” for 2d rounds?
A
B
Tuesday!
Wednesday!
Phase PC between them:B’
Wednesday!
B0
Wednesday!
B0
Wednesday!
A
Tuesday!
This only occurs if:
Users can claim they didn’t receive sufficient information to not commit
B
It seems straightforward, but for rigor
Key insight: B, must not detect issues from earlier Li or Bi
If B trusts B0, B must have received “Wednesday” before A committed to Tuesday, and sent it to A, contradicting the fact that A committed
Thank you!Special thanks to:
Jun Wan
Professor Devadas
Professor Gerovitch
PRIMES Program
MIT
AbstractByzantine broadcast is a well-studied consensus-building problem in computer science. A randomly chosen leader must ensure all honest users agree on the same message. Broadly speaking, most literature/results for this problem rely on an honest majority of users in the protocol. For this project, worked to improve and simplify his existing protocol and proof for with sub-linear round complexity under a dishonest majority of users. We also explored proofs for theoretical minimum round complexity under a dishonest majority.
Thoughts on organization-1-3 (more) slides on general byzantine agreement
-1 slide on specific parameters for us
-1-2 slides on trust graphs (maybe another for equivocation)
-2-3 slides explaining the protocol
-2-3 slides outlining the proof
-There is probably something else too
Byzantine Broadcast Background→COMPLICATED
11 Honest7 Corrupt11 Honest6 Corrupt
I’m bad
Users record who thinks who is corrupted
Key Concept: Trust Graphs
11 Corrupt6 Honest
Kim
Kanye
Users need to be connected to 5 others
Revisited SolutionThree Step protocol:
1. A leader broadcasts a message, users then RELAY messages sent by the leader (d rounds)
a.
2. Users “VOTE” on what to do (2*d rounds)a.
3. Users decide/share their choice to COMMIT (d rounds)
“Equivocation” &Users have something to vote on
Assuring common knowledge &Preventing later disagreements Announcing commitment
Parameters● In different rounds, users send “signed” messages to one another.
(Signatures can’t be faked)● Users initially always send updates to everyone● User X outs themself as malicious to user Y if:
- X doesn’t send a message to Y- X sends two messages that conflict*- X otherwise doesn’t follow instructions...
● Users record who “trusts” who in a “trust graph”